Re: [Id-event] Feedback: draft-ietf-secevent-subject-identifiers-05 (Tim Cappalli)

Tim Cappalli <Tim.Cappalli@microsoft.com> Tue, 14 July 2020 15:55 UTC


Just removing “User” and making it “Account Subject Identifier” makes sense to me!

tim

From: Richard Backman, Annabelle <richanna=40amazon.com@dmarc.ietf.org>
Date: Monday, July 13, 2020 at 15:43
To: Tim Cappalli <Tim.Cappalli@microsoft.com>, id-event@ietf.org <id-event@ietf.org>
Subject: Re: [Id-event] Feedback: draft-ietf-secevent-subject-identifiers-05 (Tim Cappalli)
Thanks for the review, Tim! Replies are [richanna] inline [/richanna].

–
Annabelle Backman (she/her)
AWS Identity
https://aws.amazon.com/identity/


From: Id-event <id-event-bounces@ietf.org> on behalf of Tim Cappalli <Tim.Cappalli=40microsoft.com@dmarc.ietf.org>
Date: Monday, July 13, 2020 at 11:11 AM
To: "id-event@ietf.org" <id-event@ietf.org>
Subject: [EXTERNAL] [Id-event] Feedback: draft-ietf-secevent-subject-identifiers-05 (Tim Cappalli)



Sorry for the delay, I sent this last week but to the -bounces address by accident.

Here’s my feedback:

3.
    There are definitely use cases for locally significant subject identifier types between two parties (example: first party platforms). The current text mandates registration with IANA. There should be flexibility to use internal/private/local subject identifier types.

[richanna]
Agreed. This has been brought up a few times now, so there’s pretty clearly a need for it. We can allow for unregistered names similar to how JWT allows for unregistered claims.
[/richanna]

3.1

    If this identifier type is going to be restricted to user accounts (by RFC7565), then I think it should be called the "User Account Subject Identifier Type" with a "subject_type" value of "user-account". Devices can also have accounts.

[richanna]
I don’t see a reason why this needs to be restricted to user accounts. We should just strike “user” from the first sentence.
[/richanna]


7.1.1
    Should the controller be updated to "OpenID Foundation Shared Signals and Events Working Group" to reflect the new name of the group?

[richanna]
This never got edited when we moved this work from OIDF to here. Should be updated to IETF.
[/richanna]

7.1.2.1
    See feedback for 3.1


Tim
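The two design points discussed above in items 3 and 3.1 (unregistered subject identifier types alongside the IANA-registered ones, and an account type bound to an acct URI), as an added example that is not from the thread or the draft: a receiver-side validator that accepts registered types only with their required members, accepts private types agreed out of band, and accepts unregistered names only when they are collision-resistant in the JWT public-claim style. The "subject_type" discriminator and "uri" member follow the -05 draft as referenced in the thread; the other member names, the regexes and the sample types are assumptions.

```python
import re

# Registered types and the members each one requires. "subject_type" and the
# account type's "uri" member come from the -05 draft as cited in the thread;
# the remaining member names are an assumption to check against the draft.
REGISTERED_TYPES = {
    "account": {"uri"},
    "email": {"email"},
    "phone-number": {"phone_number"},
    "iss-sub": {"iss", "sub"},
}

# Constructed: type names two parties agreed on out of band (private types).
PRIVATE_TYPES = {"local-device"}

# Simplified RFC 7565 acct URI shape: acct:user@host (assumption).
ACCT_URI = re.compile(r"^acct:[^@\s/]+@[^@\s/]+$")
# A name is treated as collision-resistant if it is a URI ("scheme:...")
# or a domain-prefixed path ("example.com/...") (assumption).
COLLISION_RESISTANT = re.compile(r"^([a-z][a-z0-9+.-]*:|[a-z0-9-]+(\.[a-z0-9-]+)+/)")


def classify_type(subject_type):
    """Sort a subject_type name into registered, private, collision-resistant or unregistered."""
    if subject_type in REGISTERED_TYPES:
        return "registered"
    if subject_type in PRIVATE_TYPES:
        return "private"
    if COLLISION_RESISTANT.match(subject_type):
        return "collision-resistant"
    return "unregistered"


def validate_subject(subj):
    """Return (accepted, reason) for one subject identifier object."""
    subject_type = subj.get("subject_type")
    if not isinstance(subject_type, str):
        return False, "missing subject_type"
    kind = classify_type(subject_type)
    if kind == "unregistered":
        # Neither registered, agreed locally, nor collision-resistant: reject
        # rather than guess which namespace the sender meant.
        return False, f"unregistered, non-collision-resistant type {subject_type!r}"
    if kind == "registered":
        missing = REGISTERED_TYPES[subject_type] - set(subj)
        if missing:
            return False, f"missing members {sorted(missing)}"
        uri = subj.get("uri")
        if subject_type == "account" and not (isinstance(uri, str) and ACCT_URI.match(uri)):
            return False, "account type requires an acct: URI (RFC 7565)"
    return True, kind
```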